author | Aurélien Grimpard <aurelien@grimpard.net> | 2024-05-14 14:55:32 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2024-05-14 13:55:32 +0100 |
commit | 7d82987b2765b6c203ba12941c844fb7242c6c83 (patch) | |
tree | 69d1fe25dfe6ad3d6e029ebf6cb5ff9d5ebf85d2 /synapse | |
parent | Bump serde_json from 1.0.116 to 1.0.117 (#17182) (diff) | |
download | synapse-7d82987b2765b6c203ba12941c844fb7242c6c83.tar.xz |
Allows CAS SSO flow to provide user IDs composed of numbers only (#17098)
Diffstat (limited to 'synapse')
-rw-r--r-- | synapse/config/cas.py | 13 | ||||
-rw-r--r-- | synapse/handlers/cas.py | 5 |
2 files changed, 18 insertions, 0 deletions
diff --git a/synapse/config/cas.py b/synapse/config/cas.py
index d23dcf96b2..fa59c350c1 100644
--- a/synapse/config/cas.py
+++ b/synapse/config/cas.py
@@ -66,6 +66,17 @@ class CasConfig(Config):
 self.cas_enable_registration = cas_config.get("enable_registration", True)
+ self.cas_allow_numeric_ids = cas_config.get("allow_numeric_ids")
+ self.cas_numeric_ids_prefix = cas_config.get("numeric_ids_prefix")
+ if (
+ self.cas_numeric_ids_prefix is not None
+ and self.cas_numeric_ids_prefix.isalnum() is False
+ ):
+ raise ConfigError(
+ "Only alphanumeric characters are allowed for numeric IDs prefix",
+ ("cas_config", "numeric_ids_prefix"),
+ )
+
 self.idp_name = cas_config.get("idp_name", "CAS")
 self.idp_icon = cas_config.get("idp_icon")
 self.idp_brand = cas_config.get("idp_brand")
@@ -77,6 +88,8 @@ class CasConfig(Config):
 self.cas_displayname_attribute = None
 self.cas_required_attributes = []
 self.cas_enable_registration = False
+ self.cas_allow_numeric_ids = False
+ self.cas_numeric_ids_prefix = "u"
 # CAS uses a legacy required attributes mapping, not the one provided by
diff --git a/synapse/handlers/cas.py b/synapse/handlers/cas.py
index 153123ee83..cc3d641b7d 100644
--- a/synapse/handlers/cas.py
+++ b/synapse/handlers/cas.py
@@ -78,6 +78,8 @@ class CasHandler:
 self._cas_displayname_attribute = hs.config.cas.cas_displayname_attribute
 self._cas_required_attributes = hs.config.cas.cas_required_attributes
 self._cas_enable_registration = hs.config.cas.cas_enable_registration
+ self._cas_allow_numeric_ids = hs.config.cas.cas_allow_numeric_ids
+ self._cas_numeric_ids_prefix = hs.config.cas.cas_numeric_ids_prefix
 self._http_client = hs.get_proxied_http_client()
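Review bot: In the first `synapse/config/cas.py` hunk, `numeric_ids_prefix` is read with no default, so with `allow_numeric_ids` enabled and no prefix configured the value stays `None`, and the f-string added in `synapse/handlers/cas.py` would put the literal text `None` in front of the ID. Only the `None` case is guarded: a non-string YAML value such as an integer reaches `.isalnum()` and raises `AttributeError` rather than `ConfigError`. `isalnum()` also accepts an all-digit or non-ASCII prefix, which leaves the resulting ID numeric or outside plain ASCII. I would give both options explicit defaults that match the disabled branch in the second hunk, `cas_config.get("allow_numeric_ids", False)` and `cas_config.get("numeric_ids_prefix", "u")` (if `u` is the intended default), and test `isinstance(self.cas_numeric_ids_prefix, str)` before the character check. The enclosing method starts and ends outside these hunks.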
@@ -188,6 +190,9 @@ class CasHandler:
 for child in root[0]:
 if child.tag.endswith("user"):
 user = child.text
+ # if numeric user IDs are allowed and username is numeric then we add the prefix so Synapse can handle it
+ if self._cas_allow_numeric_ids and user is not None and user.isdigit():
+ user = f"{self._cas_numeric_ids_prefix}{user}"
 if child.tag.endswith("attributes"):
 for attribute in child:
 # ElementTree library expands the namespace in |
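Review bot: The prefixed value overwrites `user` itself, so two distinct CAS accounts can leave this loop with the same identifier: one named with digits only and one whose name already equals the prefix plus those digits (constructed example: `123` and `u123` with prefix `u`). If that identifier is what later code uses to look up or create the Matrix user, which is outside this hunk, both principals would resolve to one account. A comment here and the option's documentation should state the constraint, for example `# the prefix must not turn a numeric ID into a string that is also a valid CAS username`. `str.isdigit()` is also true for non-ASCII digit characters, so `user.isascii() and user.isdigit()` would restrict the rewrite to `0-9`. The enclosing method begins and ends outside the hunk.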